On Oct 6 2007 16:10, Sven Schnelle wrote: > >Thanks. I've added only a few options, so this list may still be >extensible ;-) Well, with md5, it is complete for now. I have gone through net/tcp.h, which is how I even found TCPOPT_MD5 (though, I knew of the existence of MD5 signatures for network streams beforehand). >I've changed the code in the meantime so that names could be specified >inside the --strip-options argument list, instead of having extra >options for every tcp option, this makes code smaller, and it is even >simpler to add new names. Very good. > pkts bytes target prot opt in out source destination > 0 0 TCPOPTSTRIP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 TCPOPTSTRIP options wscale,77 I added support for numeric printing (e.g. iptables -nvL), so that it shows 3,77 (as requested by -n) instead of wscale,77, making it behave like the other iptables modules like xt_tcpudp. I have chosen to always use numeric output for tcpoptstrip_save, _unlike_ xt_tcpudp, which always uses symbolic names. Patches following. - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
